{"vulnerability": "CVE-2025-4667", "sightings": [{"uuid": "c1d35606-4df9-4fc4-9433-2cd12dc38663", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4667", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18374", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4667\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ssa_admin_upcoming_appointments, ssa_admin_upcoming_appointments, and ssa_past_appointments shortcodes in all versions up to, and including, 1.6.8.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-06-14T09:23:33.636Z\n\ud83d\udccf Modified: 2025-06-14T09:23:33.636Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/414173b9-d23e-4e44-bf8c-77a074bb09e9?source=cve\n2. https://wordpress.org/plugins/simply-schedule-appointments/#developers\n3. https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/tags/1.6.8.24/includes/class-shortcodes.php#L718\n4. https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/tags/1.6.8.24/includes/class-shortcodes.php#L754\n5. https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/tags/1.6.8.24/includes/class-shortcodes.php#L784\n6. https://plugins.trac.wordpress.org/changeset/3306064/simply-schedule-appointments/tags/1.6.8.32/includes/class-shortcodes.php", "creation_timestamp": "2025-06-14T09:35:12.000000Z"}, {"uuid": "1994ece0-6a6c-4784-8602-f6bfa0f2b6bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4667", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrl267osbc2u", "content": "", "creation_timestamp": "2025-06-14T13:20:56.194519Z"}, {"uuid": "7d09863d-7ac0-4e60-9c52-79e6f80ab3b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46672", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114407408963291150", "content": "", "creation_timestamp": "2025-04-27T01:48:41.127277Z"}, {"uuid": "8b778c68-417e-4145-a69d-2285cca80664", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46673", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114407408963291150", "content": "", "creation_timestamp": "2025-04-27T01:48:41.218005Z"}, {"uuid": "416b31a5-8a44-4058-a5a3-3a5404f997e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46674", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114407408963291150", "content": "", "creation_timestamp": "2025-04-27T01:48:41.302166Z"}, {"uuid": "72431ffc-9c92-4f6f-94f5-3eb0a580dfc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46675", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114407408963291150", "content": "", "creation_timestamp": "2025-04-27T01:48:41.388219Z"}, {"uuid": "2c2a22f7-3536-4452-b965-adc97feabf0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46672", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnrd2z2ml42g", "content": "", "creation_timestamp": "2025-04-27T03:35:24.332693Z"}, {"uuid": "f1ec5dc7-3715-4886-b1ba-b76c090a56d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46675", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnrd2zjq3u2r", "content": "", "creation_timestamp": "2025-04-27T03:35:25.604448Z"}, {"uuid": "979f8aa5-75aa-4dbd-90e4-3c3a0ff10dfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46673", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnrd2zne3z2b", "content": "", "creation_timestamp": "2025-04-27T03:35:26.182108Z"}, {"uuid": "f6b5a0ec-2b1f-4ec4-afe0-096ffd2a6981", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46674", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnrd32im6b2b", "content": "", "creation_timestamp": "2025-04-27T03:35:31.074289Z"}, {"uuid": "fabed122-0622-42e7-8f7f-901a24c6c8c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46672", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnrgb244k362", "content": "", "creation_timestamp": "2025-04-27T04:40:08.352992Z"}, {"uuid": "2d978a32-d057-4e8e-8592-93e1c8f69fcb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46674", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13590", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46674\n\ud83d\udd25 CVSS Score: 3.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L)\n\ud83d\udd39 Description: NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended for use during flight), potentially leading to a keystream oracle.\n\ud83d\udccf Published: 2025-04-27T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-27T00:49:46.138Z\n\ud83d\udd17 References:\n1. https://securitybynature.fr/post/hacking-cryptolib/\n2. https://github.com/nasa/CryptoLib/compare/v1.3.1...v1.3.2\n3. https://github.com/nasa/CryptoLib/pull/365", "creation_timestamp": "2025-04-27T01:08:29.000000Z"}, {"uuid": "10e912a5-1094-4d3c-8e8c-a0a668b02f1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46675", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13593", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46675\n\ud83d\udd25 CVSS Score: 3.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N)\n\ud83d\udd39 Description: In NASA CryptoLib before 1.3.2, the key state is not checked before use, potentially leading to spacecraft hijacking.\n\ud83d\udccf Published: 2025-04-27T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-27T00:42:52.544Z\n\ud83d\udd17 References:\n1. https://securitybynature.fr/post/hacking-cryptolib/\n2. https://github.com/nasa/CryptoLib/compare/v1.3.1...v1.3.2\n3. https://github.com/nasa/CryptoLib/pull/358\n4. https://github.com/nasa/CryptoLib/pull/359", "creation_timestamp": "2025-04-27T01:08:32.000000Z"}, {"uuid": "e35efaf1-79b4-4a05-881a-202c310b5a11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46672", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13592", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46672\n\ud83d\udd25 CVSS Score: 3.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: NASA CryptoLib before 1.3.2 does not check the OTAR crypto function returned status, potentially leading to spacecraft hijacking.\n\ud83d\udccf Published: 2025-04-27T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-27T00:45:19.443Z\n\ud83d\udd17 References:\n1. https://github.com/nasa/CryptoLib/pull/360\n2. https://securitybynature.fr/post/hacking-cryptolib/\n3. https://github.com/nasa/CryptoLib/compare/v1.3.1...v1.3.2", "creation_timestamp": "2025-04-27T01:08:31.000000Z"}, {"uuid": "1decc217-99c5-4847-b0fd-1b6b25365698", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46673", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13591", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46673\n\ud83d\udd25 CVSS Score: 4.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use, possibly leading to a bypass of the Space Data Link Security protocol (SDLS).\n\ud83d\udccf Published: 2025-04-27T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-27T00:47:31.630Z\n\ud83d\udd17 References:\n1. https://securitybynature.fr/post/hacking-cryptolib/\n2. https://github.com/nasa/CryptoLib/compare/v1.3.1...v1.3.2\n3. https://github.com/nasa/CryptoLib/pull/286\n4. https://github.com/nasa/CryptoLib/pull/306\n5. https://github.com/nasa/CryptoLib/compare/v1.3.0...v1.3.1", "creation_timestamp": "2025-04-27T01:08:30.000000Z"}, {"uuid": "51a849fb-d9bd-414d-9779-2111d10cac6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46675", "type": "seen", "source": "https://t.me/cvedetector/23816", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46675 - NASA CryptoLib Cryptographic Key State Validation Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-46675 \nPublished : April 27, 2025, 1:15 a.m. | 56\u00a0minutes ago \nDescription : In NASA CryptoLib before 1.3.2, the key state is not checked before use, potentially leading to spacecraft hijacking. \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-27T04:37:17.000000Z"}, {"uuid": "c60cb47d-803d-4786-9421-91efff7680d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46674", "type": "seen", "source": "https://t.me/cvedetector/23815", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46674 - NASA CryptoLib Cryptographic Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-46674 \nPublished : April 27, 2025, 1:15 a.m. | 56\u00a0minutes ago \nDescription : NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended for use during flight), potentially leading to a keystream oracle. \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-27T04:37:17.000000Z"}, {"uuid": "76999488-d982-46cc-846f-91d809709ad3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46673", "type": "seen", "source": "https://t.me/cvedetector/23814", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46673 - NASA CryptoLib SDLS Protocol Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-46673 \nPublished : April 27, 2025, 1:15 a.m. | 56\u00a0minutes ago \nDescription : NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use, possibly leading to a bypass of the Space Data Link Security protocol (SDLS). \nSeverity: 4.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-27T04:37:16.000000Z"}, {"uuid": "cb9531d4-06bc-456a-8629-fbdc2ca0cf58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46672", "type": "seen", "source": "https://t.me/cvedetector/23813", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46672 - NASA CryptoLib Crypto Function Status Validation Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-46672 \nPublished : April 27, 2025, 1:15 a.m. | 56\u00a0minutes ago \nDescription : NASA CryptoLib before 1.3.2 does not check the OTAR crypto function returned status, potentially leading to spacecraft hijacking. \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-27T04:37:15.000000Z"}]}