{"vulnerability": "CVE-2025-4065", "sightings": [{"uuid": "dfadac7a-124a-4eb6-b597-0c67992f0fef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40658", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lray5zp4d42r", "content": "", "creation_timestamp": "2025-06-10T13:18:25.383661Z"}, {"uuid": "9fcee27a-47c2-4ed3-bfcb-f3def301aab5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40656", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lraypwq2g22a", "content": "", "creation_timestamp": "2025-06-10T13:28:25.863360Z"}, {"uuid": "61fc8957-c6d4-4241-a3be-0f8289844eab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40655", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lraxm4s4nj2q", "content": "", "creation_timestamp": "2025-06-10T13:08:24.325298Z"}, {"uuid": "870d5052-2982-4abf-8fd6-212164c8e199", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40657", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lraxv3auty2a", "content": "", "creation_timestamp": "2025-06-10T13:13:24.736840Z"}, {"uuid": "bfc42852-957b-44a7-8298-b58f8e203a56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40659", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrayyv5lbl23", "content": "", "creation_timestamp": "2025-06-10T13:33:26.316935Z"}, {"uuid": "b9ed9401-d0b6-4eea-86a5-c2d848737118", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40652", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lq3i3xepkty2", "content": "", "creation_timestamp": "2025-05-26T15:23:20.822974Z"}, {"uuid": "56163a8c-8914-4bcd-acae-cd76b0fec043", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4065", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnxn33dkpc2a", "content": "", "creation_timestamp": "2025-04-29T15:50:28.998378Z"}, {"uuid": "d4d0f413-1258-47c5-b1bb-122835224d49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40651", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lqaky4z4xy2q", "content": "", "creation_timestamp": "2025-05-28T15:57:17.139250Z"}, {"uuid": "d12a5ca9-cffa-416e-be58-ee28f742f2a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40653", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lq3d6j4pzo2e", "content": "", "creation_timestamp": "2025-05-26T13:54:22.354542Z"}, {"uuid": "510ef2f6-8a01-4fdd-8418-421db4181cbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40652", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lq3dg6pf2e2q", "content": "", "creation_timestamp": "2025-05-26T13:58:39.963553Z"}, {"uuid": "93ca0771-9733-4001-86a0-cfedadf6379d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40650", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lq3dy3ntmz2a", "content": "", "creation_timestamp": "2025-05-26T14:08:40.738063Z"}, {"uuid": "b549921a-c581-40b0-b825-9ee57757c934", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40653", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lq3i3xrd6iy2", "content": "", "creation_timestamp": "2025-05-26T15:24:26.004778Z"}, {"uuid": "6dc89545-3401-417d-bf1c-e801d6fca6eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40650", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lq3ifbjl56z2", "content": "", "creation_timestamp": "2025-05-26T15:28:54.785591Z"}, {"uuid": "b8eb1d59-2061-4637-a829-a31bb479fef9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40651", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqaityazo3r2", "content": "", "creation_timestamp": "2025-05-28T15:22:24.652181Z"}, {"uuid": "2565bb4b-9faa-478f-9bd1-631637748f07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4065", "type": "seen", "source": "Telegram/BW6CS1c2yfnfr5Hz14FjC2Gy13hRBqMEHYLNjuSPHeFguDw", "content": "", "creation_timestamp": "2025-04-29T18:02:11.000000Z"}, {"uuid": "2454dec4-4c44-4c21-bb2b-cbc818e61d18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4065", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13841", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4065\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/addadvertisement.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-04-29T14:31:04.679Z\n\ud83d\udccf Modified: 2025-04-29T14:52:17.498Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.306502\n2. https://vuldb.com/?ctiid.306502\n3. https://vuldb.com/?submit.559478\n4. https://www.websecurityinsights.my.id/2025/04/script-and-tools-online-travling-system_16.html", "creation_timestamp": "2025-04-29T15:11:48.000000Z"}, {"uuid": "20bd14d6-d467-422f-8b34-7f5ef25c5341", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40652", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17560", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40652\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N)\n\ud83d\udd39 Description: Stored Cross-Site Scripting (XSS) vulnerability in the CoverManager booking software. This allows an attacker to inject malicious scripts into the application, which are permanently stored on the server. The malicious scripts are executed in the browser of any user visiting the affected page without the user having to take any further action. This can allow the attacker to steal sensitive information, such as session cookies, login credentials, and perform actions on behalf of the affected user.\n\ud83d\udccf Published: 2025-05-26T12:52:43.162Z\n\ud83d\udccf Modified: 2025-05-26T12:52:43.162Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-covermanager", "creation_timestamp": "2025-05-26T13:47:25.000000Z"}, {"uuid": "3e86fa98-5b2e-4bd3-9219-8194c3f02e13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40653", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17559", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40653\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: User enumeration vulnerability in M3M Printer Server Web. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine whether a username is valid or not, allowing a brute force attack on valid usernames.\n\ud83d\udccf Published: 2025-05-26T12:54:08.905Z\n\ud83d\udccf Modified: 2025-05-26T12:54:08.905Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/user-enumeration-m3m-printer-server-web", "creation_timestamp": "2025-05-26T13:47:24.000000Z"}, {"uuid": "a9daf7ac-4f91-495a-8748-1942cc89f6a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40654", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17866", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40654\n\ud83d\udd25 CVSS Score: 9.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name and cod parameters in /antbuspre.asp.\n\ud83d\udccf Published: 2025-06-10T10:01:14.010Z\n\ud83d\udccf Modified: 2025-06-10T10:02:32.845Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-dm-corporative-cms-dmacroweb", "creation_timestamp": "2025-06-10T10:33:43.000000Z"}, {"uuid": "596b928a-fc70-43d1-8605-b3c0f5e70d76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40655", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17865", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40655\n\ud83d\udd25 CVSS Score: 9.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name parameter in /antcatalogue.asp.\n\ud83d\udccf Published: 2025-06-10T10:03:24.120Z\n\ud83d\udccf Modified: 2025-06-10T10:03:24.120Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-dm-corporative-cms-dmacroweb", "creation_timestamp": "2025-06-10T10:33:42.000000Z"}, {"uuid": "a6aa8b4d-e63c-4326-b070-a7653b01c0fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40650", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17561", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40650\n\ud83d\udd25 CVSS Score: 8.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Insecure Direct Object Reference (IDOR) vulnerability in Clickedu. This vulnerability could allow an attacker to retrieve information about student report cards.\n\ud83d\udccf Published: 2025-05-26T12:51:32.391Z\n\ud83d\udccf Modified: 2025-05-26T12:51:32.391Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/insecure-direct-object-reference-idor-clickedu", "creation_timestamp": "2025-05-26T13:47:26.000000Z"}, {"uuid": "e15e3d90-8cc5-4354-8049-b9d739e7fa40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40659", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17861", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40659\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the\u00a0option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelectionNetworks.asp.\n\ud83d\udccf Published: 2025-06-10T10:06:09.181Z\n\ud83d\udccf Modified: 2025-06-10T10:06:09.181Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-dm-corporative-cms-dmacroweb", "creation_timestamp": "2025-06-10T10:33:35.000000Z"}, {"uuid": "27e63557-20df-44f5-bd17-b20edbca4f08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40656", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17864", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40656\n\ud83d\udd25 CVSS Score: 9.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the cod parameter in /administer/node-selection/data.asp.\n\ud83d\udccf Published: 2025-06-10T10:03:49.029Z\n\ud83d\udccf Modified: 2025-06-10T10:03:49.029Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-dm-corporative-cms-dmacroweb", "creation_timestamp": "2025-06-10T10:33:41.000000Z"}, {"uuid": "d3ac1391-e8e7-4f8f-a84b-5ff0d3d239ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40657", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17863", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40657\n\ud83d\udd25 CVSS Score: 9.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the codform parameter in /modules/forms/collectform.asp.\n\ud83d\udccf Published: 2025-06-10T10:04:09.279Z\n\ud83d\udccf Modified: 2025-06-10T10:04:09.279Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-dm-corporative-cms-dmacroweb", "creation_timestamp": "2025-06-10T10:33:40.000000Z"}, {"uuid": "73e7452b-fa4a-47ba-adc7-beb2c7c455df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40658", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17862", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40658\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the\u00a0option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelection.asp.\n\ud83d\udccf Published: 2025-06-10T10:05:46.265Z\n\ud83d\udccf Modified: 2025-06-10T10:05:46.265Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-dm-corporative-cms-dmacroweb", "creation_timestamp": "2025-06-10T10:33:36.000000Z"}, {"uuid": "5effe09d-402b-4e32-929c-02277476ce58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4065", "type": "seen", "source": "https://t.me/cvedetector/24030", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-4065 - ScriptAndTools Online-Travling-System Remote Improper Access Control Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-4065 \nPublished : April 29, 2025, 3:15 p.m. | 1\u00a0hour, 30\u00a0minutes ago \nDescription : A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/addadvertisement.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-29T19:20:50.000000Z"}]}