{"vulnerability": "CVE-2025-3267", "sightings": [{"uuid": "07769eea-3b0f-497a-be58-07af992a6b47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3267", "type": "seen", "source": "https://t.me/cvedetector/22171", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3267 - TinyWebServer SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3267 \nPublished : April 4, 2025, 8:15 p.m. | 1\u00a0hour, 52\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, was found in qinguoyi TinyWebServer up to 1.0. This affects an unknown part of the file /http/http_conn.cpp. The manipulation of the argument name/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-05T00:42:49.000000Z"}, {"uuid": "32d49f07-59d3-4eb5-8de8-b3737eca381b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3267", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10546", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3267\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability, which was classified as critical, was found in qinguoyi TinyWebServer up to 1.0. This affects an unknown part of the file /http/http_conn.cpp. The manipulation of the argument name/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-04-04T20:00:09.305Z\n\ud83d\udccf Modified: 2025-04-04T20:28:42.495Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.303339\n2. https://vuldb.com/?ctiid.303339\n3. https://vuldb.com/?submit.549228\n4. https://magnificent-dill-351.notion.site/SQL-Injection-in-TinyWebServer-1-0-1c9c693918ed800ba172f55997565735", "creation_timestamp": "2025-04-04T20:36:20.000000Z"}, {"uuid": "c00b74fa-0234-4ab5-9960-7e2fe0deaa29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32671", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11391", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32671\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John Weissberg Print Science Designer allows Path Traversal. This issue affects Print Science Designer: from n/a through 1.3.155.\n\ud83d\udccf Published: 2025-04-11T08:43:02.559Z\n\ud83d\udccf Modified: 2025-04-11T08:43:02.559Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/print-science-designer/vulnerability/wordpress-print-science-designer-plugin-1-3-155-arbitrary-file-download-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-11T08:50:15.000000Z"}, {"uuid": "ff368b63-b99f-498f-98b1-ae7a30456026", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32672", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11390", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32672\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Ultimate Bootstrap Elements for Elementor allows PHP Local File Inclusion. This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.9.\n\ud83d\udccf Published: 2025-04-11T08:43:02.771Z\n\ud83d\udccf Modified: 2025-04-11T08:43:02.771Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/ultimate-bootstrap-elements-for-elementor/vulnerability/wordpress-ultimate-bootstrap-elements-for-elementor-plugin-1-4-9-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-11T08:50:14.000000Z"}, {"uuid": "de11d6cb-94a2-4af3-a159-6d35905938d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32676", "type": "seen", "source": "https://t.me/cvedetector/22585", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32676 - Verowa Connect SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-32676 \nPublished : April 9, 2025, 5:15 p.m. | 1\u00a0hour, 19\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Picture-Planet GmbH Verowa Connect allows Blind SQL Injection. This issue affects Verowa Connect: from n/a through 3.0.5. \nSeverity: 7.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-09T20:57:32.000000Z"}, {"uuid": "29d62784-507e-4e9a-ab8b-75b5358ccf85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32675", "type": "seen", "source": "https://t.me/cvedetector/22584", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32675 - QuantumCloud SEO Help SSRF\", \n  \"Content\": \"CVE ID : CVE-2025-32675 \nPublished : April 9, 2025, 5:15 p.m. | 1\u00a0hour, 19\u00a0minutes ago \nDescription : Server-Side Request Forgery (SSRF) vulnerability in QuantumCloud SEO Help allows Server Side Request Forgery. This issue affects SEO Help: from n/a through 6.6.0. \nSeverity: 6.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-09T20:57:31.000000Z"}, {"uuid": "27799418-7239-4de8-bf73-7cafa515e50e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32673", "type": "seen", "source": "https://t.me/cvedetector/22583", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32673 - Epeken All Kurir CSRF Stored XSS\", \n  \"Content\": \"CVE ID : CVE-2025-32673 \nPublished : April 9, 2025, 5:15 p.m. | 1\u00a0hour, 19\u00a0minutes ago \nDescription : Cross-Site Request Forgery (CSRF) vulnerability in epeken Epeken All Kurir allows Stored XSS. This issue affects Epeken All Kurir: from n/a through 1.4.6.2. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-09T20:57:30.000000Z"}, {"uuid": "8778eff5-03c1-4da1-9f33-ab154137b560", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32679", "type": "seen", "source": "https://t.me/cvedetector/22580", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32679 - ZealousWeb Contact Form 7 CSRF\", \n  \"Content\": \"CVE ID : CVE-2025-32679 \nPublished : April 9, 2025, 5:15 p.m. | 1\u00a0hour, 19\u00a0minutes ago \nDescription : Cross-Site Request Forgery (CSRF) vulnerability in ZealousWeb User Registration Using Contact Form 7 allows Cross Site Request Forgery. This issue affects User Registration Using Contact Form 7: from n/a through 2.2. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-09T20:57:25.000000Z"}, {"uuid": "05dc4f71-7a36-4316-bd20-d592b5116c2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32672", "type": "seen", "source": "https://t.me/cvedetector/22736", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32672 - g5theme Ultimate Bootstrap Elements for Elementor PHP RFI Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32672 \nPublished : April 11, 2025, 9:15 a.m. | 2\u00a0hours, 18\u00a0minutes ago \nDescription : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Ultimate Bootstrap Elements for Elementor allows PHP Local File Inclusion. This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.9. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-11T13:56:46.000000Z"}, {"uuid": "561cfd08-efd8-4b1f-8abf-b5643ea5cebf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3267", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llzd3oengu2i", "content": "", "creation_timestamp": "2025-04-04T21:06:42.005644Z"}, {"uuid": "ca2c411d-8855-423b-975c-d7f6b7668af2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3267", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114298409300976749", "content": "", "creation_timestamp": "2025-04-07T19:48:39.875618Z"}, {"uuid": "4238ef49-8fdb-482a-9f80-3475c3e74cc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32672", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmjwksbzig2v", "content": "", "creation_timestamp": "2025-04-11T11:37:49.272011Z"}, {"uuid": "51d67f16-6757-43e3-b7f7-4bbd9b311326", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32672", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114319171532187362", "content": "", "creation_timestamp": "2025-04-11T11:48:44.862890Z"}, {"uuid": "f7db3e51-0873-42e3-bb37-5d48c7d2061c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32671", "type": "seen", "source": "https://t.me/cvedetector/22735", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32671 - John Weissberg Print Science Designer Path Traversal\", \n  \"Content\": \"CVE ID : CVE-2025-32671 \nPublished : April 11, 2025, 9:15 a.m. | 2\u00a0hours, 18\u00a0minutes ago \nDescription : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John Weissberg Print Science Designer allows Path Traversal. This issue affects Print Science Designer: from n/a through 1.3.155. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-11T13:56:45.000000Z"}]}