{"vulnerability": "CVE-2025-3950", "sightings": [{"uuid": "895ea291-54dc-445b-a12b-96f65879e5f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3950", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mbw66qsi4d2u", "content": "", "creation_timestamp": "2026-01-08T14:15:14.013575Z"}, {"uuid": "e56f4bf9-9eff-4d6c-9d02-b90501f640a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3950", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mbykt5fduq2u", "content": "", "creation_timestamp": "2026-01-09T13:06:41.099591Z"}, {"uuid": "7ed9e401-8339-476f-b0b3-5ba581850133", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39507", "type": "published-proof-of-concept", "source": "Telegram/QF2qL8FTH9lFpTSo7F-ILTZgkF0xG80ALl6tqjxGUgHwniE", "content": "", "creation_timestamp": "2025-06-10T03:00:05.000000Z"}, {"uuid": "c46f4b72-d2fd-4658-973c-95bc782f7a52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39507", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16713", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39507\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Nasa Core allows PHP Local File Inclusion. This issue affects Nasa Core: from n/a through 6.3.2.\n\ud83d\udccf Published: 2025-05-16T15:45:24.437Z\n\ud83d\udccf Modified: 2025-05-16T16:21:00.437Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/nasa-core/vulnerability/wordpress-nasa-core-plugin-6-3-2-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-16T16:35:01.000000Z"}, {"uuid": "534bb4a3-8a32-4b6c-bb43-0ca2f19d5931", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39501", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17406", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39501\n\ud83d\udd25 CVSS Score: 9.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GoodLayers Goodlayers Hostel allows Blind SQL Injection. This issue affects Goodlayers Hostel: from n/a through 3.1.2.\n\ud83d\udccf Published: 2025-05-23T12:43:52.186Z\n\ud83d\udccf Modified: 2025-05-23T13:40:31.604Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/gdlr-hostel/vulnerability/wordpress-goodlayers-hostel-plugin-3-1-2-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-23T14:47:19.000000Z"}, {"uuid": "947456db-760d-4501-bc69-1e859a9c2516", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39500", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17380", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39500\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Deserialization of Untrusted Data vulnerability in GoodLayers Goodlayers Hostel allows Object Injection. This issue affects Goodlayers Hostel: from n/a through 3.1.2.\n\ud83d\udccf Published: 2025-05-23T12:43:52.651Z\n\ud83d\udccf Modified: 2025-05-23T13:30:11.376Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/gdlr-hostel/vulnerability/wordpress-goodlayers-hostel-plugin-3-1-2-php-object-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-23T13:47:22.000000Z"}, {"uuid": "fb18dd55-6064-4ca6-9964-e25124247267", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39505", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17402", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39505\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Goodlayers Hotel allows Reflected XSS. This issue affects Goodlayers Hotel: from n/a through 3.1.4.\n\ud83d\udccf Published: 2025-05-23T12:43:50.263Z\n\ud83d\udccf Modified: 2025-05-23T13:41:46.565Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/gdlr-hotel/vulnerability/wordpress-goodlayers-hotel-plugin-3-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-23T14:47:09.000000Z"}, {"uuid": "86bccd61-0d5b-46bb-b649-f101d011c4a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39502", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17405", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39502\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Goodlayers Hostel allows Reflected XSS. This issue affects Goodlayers Hostel: from n/a through 3.1.2.\n\ud83d\udccf Published: 2025-05-23T12:43:51.701Z\n\ud83d\udccf Modified: 2025-05-23T13:40:50.852Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/gdlr-hostel/vulnerability/wordpress-goodlayers-hostel-plugin-3-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-23T14:47:13.000000Z"}, {"uuid": "6d674684-8a93-455b-8b77-672f34a4818b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39503", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17404", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39503\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Deserialization of Untrusted Data vulnerability in GoodLayers Goodlayers Hotel allows Object Injection. This issue affects Goodlayers Hotel: from n/a through 3.1.4.\n\ud83d\udccf Published: 2025-05-23T12:43:51.237Z\n\ud83d\udccf Modified: 2025-05-23T13:41:09.798Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/gdlr-hotel/vulnerability/wordpress-goodlayers-hotel-plugin-3-1-4-php-object-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-23T14:47:11.000000Z"}, {"uuid": "9c96a151-8ed7-4c6c-9ab6-f191980c5fdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39504", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17403", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39504\n\ud83d\udd25 CVSS Score: 9.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GoodLayers Goodlayers Hotel allows Blind SQL Injection. This issue affects Goodlayers Hotel: from n/a through 3.1.4.\n\ud83d\udccf Published: 2025-05-23T12:43:50.777Z\n\ud83d\udccf Modified: 2025-05-23T13:41:27.955Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/gdlr-hotel/vulnerability/wordpress-goodlayers-hotel-plugin-3-1-4-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-23T14:47:10.000000Z"}, {"uuid": "a8a57863-7785-4e47-82f9-83e778682fc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-39507", "type": "published-proof-of-concept", "source": "Telegram/8EUjxo2TKnaloL5sHaUwdkIT6hd-NYIBKLtGdVmZMYPI04s", "content": "", "creation_timestamp": "2025-06-10T15:00:07.000000Z"}]}